Hi Bill, further to last comment, i.e. although I can get the token, when I use it to call
the same Rest service, I am getting 403 instead.
I don’t know if this helps or not, but I have also noticed that the console produced
different output:
Using non-keycloak client (Did not work - get 403)
15:05:28,228 INFO [org.keycloak.services.resources.TokenService] (default task-1) no
authorization header
15:05:28,345 INFO [org.keycloak.audit] (default task-1) event=LOGIN,
realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=admin-client,
userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1,
username=roger(a)mailinator.com, response_type=token, auth_method=oauth_credentials,
refresh_token_id=3730424f-a718-4be8-a9fc-a090e5932564,
token_id=dd1bfeaa-54b1-4824-a6fe-d14eb1ae6f97
15:05:28,547 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-2) -->
authenticate()
15:05:28,548 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-2) try
bearer
15:05:28,566 INFO [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default
task-2) checking whether to refresh.
15:05:28,566 INFO [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default
task-2) use realm role mappings
15:05:28,571 INFO [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default
task-2) propagate security context to wildfly
15:05:28,571 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-2) Bearer
AUTHENTICATED
Using keycloak app (similar to customer-cli sample) Work
15:06:30,254 INFO [org.keycloak.services.resources.TokenService] (default task-1)
createLogin() now...
15:06:39,965 INFO [org.keycloak.audit] (default task-2) event=LOGIN,
realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak,
userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1,
username=roger(a)mailinator.com, response_type=code, redirect_uri=http://localhost:59999,
auth_method=form, code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946
15:06:39,966 INFO [org.keycloak.services.managers.AuthenticationManager] (default task-2)
createLoginCookie
15:06:39,966 INFO [org.keycloak.services.managers.AuthenticationManager] (default task-2)
createIdentityToken
15:06:40,092 INFO [org.keycloak.services.resources.TokenService] (default task-3) no
authorization header
15:06:40,119 INFO [org.keycloak.audit] (default task-3) event=CODE_TO_TOKEN,
realmId=ab9527ff-1dbe-4ce1-934c-ee2e1057d8b7, clientId=hellokeycloak,
userId=58cfb6e9-9ff8-45a8-98bb-3a26b341b783, ipAddress=127.0.0.1,
refresh_token_id=476b2f86-3df4-4cf6-8d51-55aa70264346,
code_id=bd10d4cc-9f99-42df-b984-b92093f5a6af1405451199946,
token_id=be0358ab-2c28-4bdc-a95c-681b63095217
15:06:46,567 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-4) -->
authenticate()
15:06:46,568 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-4) try
bearer
15:06:46,584 INFO [org.keycloak.adapters.RefreshableKeycloakSecurityContext] (default
task-4) checking whether to refresh.
15:06:46,584 INFO [org.keycloak.adapters.undertow.KeycloakUndertowAccount] (default
task-4) use realm role mappings
15:06:46,589 INFO [org.keycloak.adapters.wildfly.WildflyRequestAuthenticator] (default
task-4) propagate security context to wildfly
15:06:46,590 INFO [org.keycloak.adapters.RequestAuthenticator] (default task-4) Bearer
AUTHENTICATED